Share
## https://sploitus.com/exploit?id=289EA5D5-754D-5478-A3A8-B92C17FF9873
# LiteLLM CVE-2026-42203 PoC Usage Instructions

This document explains how to initiate a local LiteLLM environment and execute the `CVE-2026-42203.py` script to exploit the SSTI vulnerability in `/prompts/test`. Use this script only in a authorized local experimental environment. Do not direct the script towards unauthorized public targets.

## 1. Initialize the Local Environment

Enter the Lab directory and start LiteLLM, Postgres, and Prometheus:

```bash
docker compose up -d
```

Check the container status:

```bash
docker compose ps
```

Confirm that the services are accessible:

```bash
curl http://127.0.0.1:4000/
```

The default value of Master_Key is: sk-master-test-key-1234

## 2. Configure CEYE and LiteLLM Key

Access the configuration via: http://ceye.io/profile

Pass the parameters via the command line:

```bash
python3 cve_2026_42203_litellm_prompts_test_ssti.py \
  --auth 'sk-local-test-key' \
  --ceye-domain 'your-id.ceye.io' \
  --ceye-token 'your-ceye-api-token'
```

Variable Explanation:
- `LITELLM_API_KEY`: The access key for LiteLLM. In a local Docker environment, it usually corresponds to `LITELLM_MASTER_KEY` in the `.env` file.
- `CEYE_DOMAIN`: Your CEYE subdomain, e.g., `xxxxxx.ceye.io`.
- `CEYE_TOKEN`: Your CEYE API Token, used to query callback records.

## 3. Execute the PoC

Complete example:

```bash
python3 cve_2026_42203_litellm_prompts_test_ssti.py \
  --target http://127.0.0.1:4000 \
  --auth 'sk-local-test-key' \
  --ceye-domain 'your-id.ceye.io' \
  --ceye-token 'your-ceye-api-token'
```

Key Parameters:
- `--target`: The address of the LiteLLM service, default is `http://127.0.0.1:4000`.
- `--auth` / `--api-key`: The key used to call `/prompts/test` on LiteLLM.
- `--ceye-domain`: The domain for CEYE callback.
- `--ceye-token`: Your CEYE API Token.
The script will automatically mask sensitive information during execution.
- `--wait`: Number of seconds to wait for CEYE to send a callback. Default is `20`.
- `--interval`: Interval between polls of CEYEโ€™s records. Default is `3`.
- `--timeout`: Timeout for HTTP requests. Default is `10` seconds.
- `--insecure`: Add this parameter if the target uses self-signed HTTPS certificates. This disables TLS certificate verification.

## 4. Check Results

If CEYE receives a callback, the script will output:

```
[VULNERABLE] CEYE received the callback request.
```

If no callback is received within the wait time, the script will output:

```
[NOT_VULNERABLE] CEYE did not receive the callback request within the wait window.
```

[source-iocs-preserved url=http://127.0.0.1:4000`ใ€‚]